Description

Options

Specify this option to print this command on the standard
output before executing. This option also prints the default value for all
the non-mandatory options that you do not provide in the command.

--no-prompt|-Q

If you specify this option, wadm will not
prompt you for passwords while executing this command. Use this option if
you have defined all passwords in a password file and specified the file using
the --password-file connect_option.

--verbose|-v

Specify this option to display a verbose output.

-rps-compute-interval|-a

Specify the time interval (in seconds) in which the average
(request per second) RPS is computed. Note that max-rps limit
will not be applied until the next request rate recomputation has occurred.
This means that a potential attacker can have unlimited requests serviced
until the initial interval runs out.

You can balance the length of this window of attack to the cost of frequent
recomputations by adjusting the interval parameter. The default value is 30 seconds.

-continue-condition|-o

Specify the condition that must be met for a blocked request
type to be available again for servicing. The values can be:

silence - refused requests must fall to
zero (over a subsequent interval) for the service to resume.

threshold - refused request rate must fall
below the RPS threshold for the service to resume.

The default value is threshold.

-error-code|-d

Specify the HTTP status code to use for blocked requests.
The default is 503, "Service Unavailable".

-monitor-attribute|-m

Specify an optional request attribute that has to be monitored.
Request rates are tracked in a "bucket" named by the value of this parameter.
If the monitor parameter is not given, the matching requests are tracked in
an unnamed (anonymous) bucket.

While the value of the monitor parameter can be a fixed string, it is
most useful when given in terms of obj.conf variables.

For example, monitor="$ip". Note that you can also
specify multiple variables.

-max-rps|-r

Specify the threshold value for RPS. If this value is exceeded,
subsequent connections will not serviced. There is no default value because
an acceptable RPS threshold can vary widely between sites.

-max-connections|-x

Specify the maximum number of concurrent connections. If a
matching request is received while there are at least this many requests being
processed, the request is rejected. As soon as concurrent requests fall below
this limit, new ones will be processed.